Hi @abinakhoul,
This may be an issue with changes to how Let’s Encrypt SSL certificates work last fall. You can read more about it here:
https://letsencrypt.org/docs/certificate-compatibility/#platforms-that-trust-isrg-root-x1
Typically your web host can resolve this for you if this is the case. I’d recommend reaching out to them. Let us know what you find out.
Thanks!
Hi
We reported this issue to our web host and here is the support team’s answer:
This issue normally shows if cURL tries to read an incorrect root certificate for the SSL. Your SSL has the correct root (the last SSL in this chain): https://decoder.link/sslchecker/citypara.net/443
So there seems to be an issue that cURL tries to read it from incorrect place.
Please advise
Thanks!
-
This reply was modified 2 years, 6 months ago by abinakhoul.
Let’s Encrypt originally used the “DST Root CA X3” CA Root certificate. Let’s encrypt now uses “ISRG Root X1” and “ISRG Root X2” as Root CA’s and “Let’s Encrypt R3” as an intermediate certificate.
We removed “DST Root CA X3” and installed “ISRG Root X1” and “ISRG Root X2” as Root CA’s and “Let’s Encrypt R3” as an intermediate certificate.
The root certificate “ISRG Root X1” is now in the trusted list but the issue of “cURL error 60: SSL certificate problem: certificate has expired” persists.
Is the CURL call you are doing in PHP code of your plugin is relying in the WordPress bundle certificate?
Thanks!
-
This reply was modified 2 years, 6 months ago by abinakhoul.
Hi @abinakhoul,
… the issue of “cURL error 60: SSL certificate problem: certificate has expired” persists.
Is the CURL call you are doing in PHP code of your plugin is relying in the WordPress bundle certificate?
The cURL call is in PHP code.
The error above is related to changes made to the SSL certificate on WooCommerce.com which may cause issues to outdated browsers and servers.
To fix this issue, usually, you have to ensure that the platforms you are using trust the ISRG Root X1 certificate. That should then resolve the problems you’re having.
I understand this is not your case and the problem persists. As a next step, please make sure you are using an up-to-date browser.
Keep us posted on how that goes.
Hello,
We are using Chrome and it is up to date
Version 100.0.4896.75 (Official Build) (64-bit).
As we said previously, Google Merchant Center is connected and authenticated successfully. Is there any specific code you are using to connect Google Account?
Thanks!
Hello,
It seems that WordPress loads its own CA Bundle, which contains the expired certificate.
I download the latest version of ca-bundle.crt from github and overwrite the current version in /wp-includes/certificates/
Now I have another GET https://api-vipgo.woocommerce.com
cURL error 60: SSL certificate problem: unable to get local issuer certificate
Please advise
Hi @abinakhoul,
It seems that WordPress loads its own CA Bundle, which contains the expired certificate. cURL error 60: SSL certificate problem: unable to get local issuer certificate
We have seen this error with other users, but it was due to a Jetpack connection problem. Jetpack does not issue SSL certificates, so we aren’t able to fix that for you. The SSL certificate was most likely issued by your web host, so they should be able to fix that.
Once Jetpack is able to verify the site’s SSL certificate, it should be able to connect to the site.
I hope that helps clarify things for you. If you need more help with that, please tell us the URL of the site you are trying to connect to Jetpack.
For the context, you need jetpack connection in other to connect your site to WordPress.com which is required for the Google Listings & Ads connection.
Additionally, you can share this tool with your web host to check your SSL: https://www.sslshopper.com/ (it has an input field to enter the site URL at the bottom of the page). From there, you will see if the server’s certificate chain is complete.
Thanks!
Hello,
I mentioned in my first post that Jetpack account is connected and authenticated successfully.
On the other hand, the results of SSL checker for my domain are all good:
“citypara.net resolves to 130.211.118.199
Server Type: Apache/2.2.22 (Debian)
The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).
The certificate was issued by Sectigo.
The certificate will expire in 338 days.
The hostname (citypara.net) is correctly listed in the certificate.”
The problem is with the cURL call in your plugin code https://api-vipgo.woocommerce.com
Please fix this issue.
Thanks!
-
This reply was modified 2 years, 5 months ago by abinakhoul.
Hey @abinakhoul,
Thanks for the verification. This extension is used on a large number of sites without this issue. We’ll need to find out what’s different here when compared to other sites without the problem.
To help you out best with this, please open up a ticket at WooCommerce.com. Make sure to include a link to this thread so we can pick it up from here.
https://woocommerce.com/my-account/create-a-ticket/
Thanks